I was recently at a Starbucks ordering my boring cup of black coffee when I noticed that there are a SH#T load of people connecting to the Starbucks WIFI. Me being the paranoid mess I have been for years now couldn’t help but wonder just how many of these sitting ducks were aware of just how exposed their privacy was.
Earlier that week I had read an article in Forbes stating that 70% of the hacking incidents occur when the victims connect onto an unsecured network at restaurants, airports, school, and well you guessed it…Starbucks. How blind and careless we all are when that addiction for caffeine and network connectivity hit us simultaneously.
To an amateur hacker and mischievous individual like myself, the possibilities are endless. So let’s dive in on both the risks, and how to mitigate these risks that put your privacy at risk every time you want a refill of that pumpkin spice latte.
Te results may shock you: 36% of millennials claim to seek a strong Wi-Fi signal so that they can browse their social media accounts such as Facebook, Twitter, Instagram, etc.
55% of WIFI users will agree to an exchange of data with these unknown WIFI networks just to have a connection.
If you are among those Wi-Fi lovers, there’s bad news for you… your online privacy and security are at risk.
Here’s How a Macchiato Came At Your Privacy’s Expense
Public WiFi hot spots are the watering holes for the modern day hacker. I’ll be the first to say most of the time it’s a beginner wanting to test out some new Kali Linux tool, and other than kick you off the network there’s no real danger. Once in a bluemoon you could however be one of the unlucky ones that was at the watering hole at the same time as a full time hacker who makes a living from stealing your precious info.
You’ll be amazed and slightly shocked as you read below at how hackers can do this so easily in our present day.
Hopefully this will be a wake up call to keep off public WiFis.
M.I.T.M (Man In The Middle Attacks)
As the name suggests, this type of attack essentially involves a hacker getting in between the message sender and recipient. This attack is one of the very first types of attacks I taught myself to set up and deploy (on myself and only for educational purposes of course).
MITM attacks usually require some sort of hardware like a Raspberry Pi which is a small $35 development board that can be turned into a portable honey pot WiFi hot spot in just under an hour. After downloading Kali Linux into a small 32gb SD card and popping it in the Raspberry Pi it can be turned on and kept completely out of sight in a back pack. The seemingly innocent girl whos typing away what seems to be a term paper could actually be broadcasting a fake WiFi SSID that looks a lot like the other connections broadcasted in the vicinity.
MITM attacks are perhaps the most common type of Wi-Fi attack. Just to put things in perspective this poll constructed of 500 CIO’s from 5 different countries all agreed that MITM attacks are the most problematic to any organization.
The networking communities current love/hate tool…Network Scanners. These amazing tools have helped from beginner to seasoned vet get a tight and hawk like eye on the ins and outs of their networks. Unfortunately it is also one of the hacking communities favorite tools to use to infiltrate and extract very sensitive information about who’s connected on the network.
Let me break it down below on why these tools from the gods are also the work of the devil:
- Map the network by finding all the devices that are connected to it
- Retrieve details regarding the operating system and find vulnerabilities like open ports
- Using the open ports, the hacker would try to directly connect to the device through any means necessary such as password cracking
I’ll make it this simple to understand. If I cant find your computers name, MAC, or IP address…well cracking your password isn’t a matter of “how” but more of “when”. This is why protecting your devices info is so important.
Exploiting your WEP/WPA
Both of these are slowly being phased out. They keep your network as safe as a three year old alone at home with a lighter and gallon of gasoline.
Most of you hopefully know that one of the first things to do when setting up your home router is to disable the WEP setting. This setting if left on can easily be turned on by running a usually four digit numerical pin combination via a computer thats close enough to your network.
Brent Saner, a security researcher has this to say about, “How safe is Wi-Fi at Starbucks? ”
“It doesn’t matter if Starbucks is on WPA, WPA2, WEP (which is incredibly easy to break. give me 1-4 hours or less and close enough distance to a wifi antenna, I’ll break your WPA2… but give me 15 minutes and I’ll break your WEP. If you have WPS enabled? 5 minutes – no matter if you use WPA/WPA2 or WEP)…
All that does not matter if it’s for a Starbucks AP. It might as well be open. Hotspots are *intended* to be accessed by the public.”
Maybe you don’t use a laptop at the coffee shop, perhaps you’re using your phone just to stream.
Android, IOS, etc, it does’nt matter what brand of device you own, or whether it’s phone, tablet, or a palm pilot from 2001. If it was networking capabilities it can be hacked.
Whats the Worst That Can Happen?
With info including your banking credentials, social, drivers license, and address, you might fall victim to threats like identity theft. Here’s what might happen if you fall victim to identity theft:
- The cybercriminal can use your social security number to get a job
- Take loans on your name
- Rent apartments
- In fact, a smart criminal may even use your tax return details to get tax refunds
Why Are Coffee Shops the Most Targeted Venues?
Because most people don’t associate having their identity stolen when picking up a pumpkin spice latte. Equally it is the lack of understanding of this incredibly fast growing tech driven world.
And just to raise the hairs in the back of your neck, coffee shop hot spots are more dangerous than hotel hot spots when connecting to a network.
Image Credit: iPass.com
When you rely too much on the Wi-Fi security at coffee shops, you fall into the traps that hackers have laid out for you. Here are some of the many things that hackers can learn about you when you become their prey:
- All the historical data from your device
- The name of all the places you last visited
- About your personality or traits through the social apps you use
- The documents you send or upload to cloud
How Can You Mitigate the Risk of A Cyber Attack?
I personally like to run off my own data plan 24/7, unless I’m using my own network.
- For starters unglue your eyeballs from Facebook for 30 minutes and wait until you’re back home to share that aesthetically pleasing photo of your overprice coffee.
- Get a VPN for WiFi to secure your data. A VPN will encrypt all your data making it incomprehensible for attackers.
- Turn off automatic file sharing on your laptop
- Never join a network unless you can verify the authenticity through the associates on sites.
I’ve been working remote for a few years now. Some weeks I’m catching 4 flights a day and having to connect at some spots where I feel my device might catch an STD along with some malware if I connect to the network. Sometimes I don’t have a choice, but I always always keep both my data, and my clients data safe by encrypting my data and keeping my connection safe from anyone that may be snooping by using a good VPN Service. There are tons out there, but for the last two years I and most of my team and friends use IP VANISH. Whatever you decide I just hope you take some new information with you that could prevent you some of the headaches I’ve caught myself in the past.
Until Next Time,
Live Long and Prosper.
- Billie Grizzly of Sudo Grizzly Gents, LLC